SSL/TLS certificates enable visitors to connect to your site with HTTPS, a secure protocol for exchanging information on the Internet. An SSL certificate will add a layer of secure encryption to your website, so any information your users submit on your website is encrypted. In this article we will explain how to obtain an SSL certificate for your website on the WP Engine platform.

WHAT IS HTTPS?

HTTPS (Hypertext Transfer Protocol Secure) is the protocol for secure communication on the World Wide Web, and it prevents eavesdroppers from seeing information that visitors send or receive over the Internet. HTTPS secures its connections by using SSL/TLS, protocols that authenticate web servers and that encrypt messages sent between browsers and web servers.

WHAT IS SSL/TLS?

TLS (Transport Layer Security) is a cryptographic protocol that provides secure communication over the Internet. HTTPS uses TLS to secure communication for website visitors. TLS provides the following security benefits:

Identity authentication — The browser determines whether a web server is the right server, and not an imposter.

Privacy — Information between the browser and web server is kept private by using encryption.

Data integrity — Messages between the browser and the web server cannot be altered by others (e.g., during a man-in-the-middle attack).

SSL (Secure Sockets Layer) is the predecessor of TLS. After SSL 3.0, the next upgrade was named TLS 1.0 (instead of SSL 4.0) because the version upgrade was not interoperable with SSL 3.0. Many people refer to TLS as SSL (old habits die hard) or as SSL/TLS, even though all versions of SSL are technically now deprecated.

When the SSL has completed installation, you will receive an email and the SSL options will become available.

The process is automated from here. Once the order is placed, our system will verify DNS has been pointed and install the certificate. Certificates typically install within just a few minutes; however, in some cases this can take up to 24 hours.

All SSLs ordered through WP Engine default to Auto-Renew and Secure All URLs.

Get Let’s Encrypt SSL Certificates

Let’s Encrypt offers free domain-validated (DV) single-domain SSL certificates, which are ideal for almost every website. In most cases two Let’s Encrypt certificates need to be ordered for a single site; one for WWW and one for non-WWW.

If you expect to see the WWW or non-WWW version of your domain listed here but do not, be sure both variations are added to the User Portal.

Let’s Encrypt certificates expire after 90 days, compared to 365 days for RapidSSL. Our system will attempt to auto-renew these 15 days before expiration.

Ordering a Let’s Encrypt certificate replaces any existing certificates on WP Engine for that domain (RapidSSL or 3rd-party).

RapidSSL Wildcard Certificate

WP Engine offers wildcard domain-validated (DV) certificates from RapidSSL. You only need this type of certificate if you want to cover your root domain AND all subdomains with a single certificate.

RapidSSL wildcard certificates cost $199 USD and will cover all subdomains. However, if you only use a few subdomains, it’s much easier to manage the few certificates you need with free Let’s Encrypt SSL certificates instead.

Our system will auto-renew RapidSSL 3 days before its expiration, unless autorenew has been manually disabled.

NOTE: You cannot purchase a RapidSSL certificate if you purchased your hosting account in a non-USD currency.

NOTE: For a Wildcard SSL order to process, the top-level (non-WWW) domain must have DNS pointed to a WP Engine server.

Import A New or Existing 3rd-Party SSL Certificate

Note: The option to import a 3rd-party SSL certificate is not available for Startup plans.

Importing a 3rd-party SSL is ideal if you already have a valid SSL certificate you want to use, or if you need to use an Extended Validation (EV) or Multi-Domain certificate (SAN).
Importing 3rd-party SSLs also allows you to secure the domain prior to DNS being pointed to WP Engine.

To import an existing 3rd-party SSL we must have a matching certificate and key file.

Import New Certificate

This option will help you generate a CSR (Certificate Signing Request). Generating the CSR also creates a key file, which is saved securely on WP Engine’s servers. You then take the CSR to your SSL issuer, who will use it to create a matching certificate file. Once that is provided back to us, we will validate that the files match and install the certificate.
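A local pre-check for the "matching certificate and key file" requirement, as an added example (not WP Engine's own validation code): it compares the public key inside a key file, a CSR and a certificate using the openssl command line. The file names, example.com and the self-signed certificate standing in for the issuer's output are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check that a key, CSR and certificate carry the same public key.
# File names and example.com are constructed for this demonstration.

# Print the SHA-256 digest of the public key inside a key, CSR or certificate.
# Comparing public keys works for RSA and EC keys alike.
pubkey_digest() {
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1    # unreadable file or wrong file type
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if the certificate (and the CSR, when given) match the key.
files_match() {
    want=$(pubkey_digest key "$1") || return 1
    [ "$(pubkey_digest cert "$2")" = "$want" ] || return 1
    [ -z "${3:-}" ] || [ "$(pubkey_digest csr "$3")" = "$want" ]
}

# Build constructed sample files in directory $1.
make_samples() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.com" \
        -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null || return 1
    # Self-signing stands in for the issuer turning the CSR into a certificate.
    openssl x509 -req -in "$1/site.csr" -signkey "$1/site.key" -days 90 \
        -out "$1/site.crt" 2>/dev/null || return 1
    # An unrelated key, as if the wrong key file had been picked up.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
}

dir=$(mktemp -d) && make_samples "$dir" || exit 1
if files_match "$dir/site.key" "$dir/site.crt" "$dir/site.csr"; then
    echo "site.key, site.csr, site.crt: same public key"
fi
if ! files_match "$dir/other.key" "$dir/site.crt"; then
    echo "other.key does not match site.crt: do not import this pair"
fi
rm -rf "$dir"
```

Only the digests of public keys are printed or compared, so the check can be logged without exposing private key material.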

WP Engine uses Server Name Indication (SNI) for SSL/TLS certificates. SNI provides an efficient way to configure certificates, and it works well with most browsers. However, visitors that use Internet Explorer on Windows XP may see the following error:

This Connection is Untrusted / Certificate Error: You have asked to connect securely, but we can’t confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site’s identity can’t be verified.

If you are using Sucuri WAF

Please contact the Sucuri team and request enabling the Forward Certificate Validation to Hosting option. This will allow your Let’s Encrypt certificate request to process normally.

Secure URL Options

To see your SSL options simply click on the domain name to expand the options. The option “secure all URLs” is selected on an SSL ordered through WP Engine by default.

This option tells our platform to automatically serve HTTP page requests secured with HTTPS. When you choose this option, make sure you are not using any force SSL plugins.

Why can’t I use a force SSL plugin?

Force SSL plugins can cause redirect loops when their settings conflict with the settings on the SSL dashboard. We recommend that you leverage the settings that we provide in the SSL dashboard as they work server side and have been tested extensively with our platform.

How do I know if I use a force SSL plugin?

Article Quick Tips

Tip

Let’s Encrypt does not issue certificates for high-risk domain names—those that resemble well-known banks or brands (e.g., wellsfargo.world or cocacola.info) or for sites that Google tags as unsafe.

Tip

When you are purchasing an SSL certificate, the SSL purchase process attempts to verify that you have pointed your domain at WP Engine.
If your SSL request fails to process automatically, a Support ticket will be created with a "Certificate Domain Validation Error" or "Certificate Authority Error."
If you experience these errors, check to ensure your DNS is pointed correctly to WP Engine, and (if purchasing a RapidSSL certificate) that your domain does not redirect to another domain.
